TechRadar
Sead Fadilpašić

This new DarkSword iOS exploit can steal almost everything from your iPhone – here's what we know

  • Researchers uncover DarkSword malware framework targeting iPhones
  • Exploits six high-severity flaws in iOS 18.4–18.7, now patched
  • Used by spyware vendors and state-backed groups with variants like GhostSaber and GhostKnife

Security researchers uncovered a new malware framework called DarkSword, capable of stealing plenty of sensitive data from iPhone users.

Earlier this week a number of security vendors, including Google, sounded the alarm on DarkSword, saying it leverages at least six vulnerabilities and is being actively used in the wild by multiple commercial spyware makers as well as state-sponsored hackers.

Some of these flaws are zero-days, meaning they were being exploited before Apple, or anyone else in the cybersecurity community, knew about them. They affect iOS versions 18.4 to 18.7 and have all since been patched. So, make sure you’ve updated your iPhone to the latest version.

Commercial malware abuse

The vulnerabilities being abused are as follows:

  • CVE-2025-31277 (8.8/10 - high)
  • CVE-2025-43529 (8.8/10 - high)
  • CVE-2026-20700 (7.8/10 - high)
  • CVE-2025-14174 (8.8/10 - high)
  • CVE-2025-43510 (7.8/10 - high)
  • CVE-2025-43520 (7.1/10 - high)

Google, as well as other security outfits including Lookout and iVerify, say DarkSword has been in active use since at least November 2025 by multiple commercial malware vendors, as well as state-sponsored groups. For example, Google says a Turkish company called PARS Defense was using it to target both Turkish and Malaysian victims.

The company also mentions UNC6353, allegedly a Russian state-sponsored actor, using DarkSword against Ukrainian targets. Finally, there is a group tracked as UNC6748 that has been using a Snapchat-themed website to target people in Saudi Arabia.

The framework itself doesn’t include malware, though. According to the researchers, each group has been using a different variant in its attacks, with PARS using GhostSaber to enumerate accounts, list files, exfiltrate data, and run JavaScript remotely.

UNC6748, on the other hand, is using GhostKnife, a JavaScript-based backdoor capable of stealing data such as signed-in accounts, messages, browser data, location history, and recordings.

Via The Register